FINAL WORD
The current pandemic has
highlighted the need for channel
partners to continue to leverage their
relations with their customers for a
healthy partner ecosystem.
What is the current cyberthreat
landscape in the UAE?
The cyberthreat landscape in the United
Arab Emirates (UAE) is rapidly evolving,
with cybercriminals increasingly targeting
people rather than infrastructure. In fact,
Proofpoint’s recent survey of CISOs and
CSOs in the region revealed that 82% of
UAE organisations suffered at least one
cyberattack in 2019. Over half (51%) reported
multiple incidents and almost a third (31%)
experienced one.
From email-based threats, such as
Business Email Compromise attacks
(BEC), to compromising cloud accounts
and debilitating ransomware attacks,
cybercriminals are aware that employees
can easily be tricked. Using social
engineering attacks, cybercriminals can
steal credentials, siphon sensitive data and
fraudulently transfer funds. Employees
across all job levels and functions can put
your business at risk in numerous ways,
from using weak passwords and sharing
credentials to clicking on malicious links and
downloading unauthorised applications.
To address this, organisations must
consider how often they are being targeted,
the risks these attacks pose and how
prepared they – and, more importantly, their
workforce – are. Employee education and
security awareness is often the difference
between an attempted cyberattack and a
successful one.
How much of a target are emails
and why, and what threats are
introduced via email?
Email is and will remain the initial threat
vector of choice for most actors.
Email-based threats are among the
oldest, most pervasive and widespread
cybersecurity threats hitting organisations
worldwide. From massive malware
campaigns targeting millions of recipients
with banking Trojans to carefully crafted
email fraud, the email threat landscape is
extremely diverse, creating a wide range
of opportunities for threat actors to
attack organisations.
More importantly, email allows
threat actors to attack individuals within
an organisation, a far more lucrative
and effective approach than targeting
infrastructure. These threats must
continuously grow in sophistication as
humans become better at detecting them
over time.
Credentials are often phished via email –
a method of attack that remains alarmingly
effective. Cybercriminals are increasingly
using compromised credentials to access
email accounts, sensitive information and
corporate systems.
Proofpoint research found that account
compromise was in fact the leading method
of cyberattack in the UAE in 2019, impacting
28% of companies, followed by credential
phishing (20%) and insider threats (17%).
Phishing and impersonation attacks/
Business Email Compromise (BEC) attacks
accounted for 15% each amongst the
organisations targeted last year.
In line with this, email fraud via Business
Email Compromise (BEC), in which an
attacker gains access to an email account
and spoofs its owner, is on the rise globally
– and is now being described as one of
the most expensive threats on the cyber
landscape. In fact, the latest FBI report
estimates total worldwide losses as a result
of BEC at US$1.7bn in 2019.
Evidently, the threat outlook is fastevolving
and we will continue to witness
cybercriminals trying to gain foothold
and steal sensitive information via emailborne
attacks.
How important is human behaviour
in preventing these types of attacks?
Cybercriminals are increasingly targeting
people rather than infrastructure. In
fact, 99% of cyberattacks require human
interaction to be successful.
CISOs and CSOs in the UAE recognise this
human risk to their organisations, with 39%
believing that their employees make their
business vulnerable to a cyberattack.
Common security errors made by
employees according to CSOs and CISOs
include poor password hygiene (29%),
mishandling sensitive information (25%),
falling for phishing attacks (24%) and clicking
INTELLIGENT TECH CHANNELS
INTELLIGENT
TECH CHANNELS Issue 32
65